dotcms and log4j vulnerability
瀏覽次數:58 次
跳到第一則未讀訊息
Karias Bolster
2021年12月13日 凌晨4:23:232021/12/13
收件者:dotCMS User Group
Hi,
We are still currently on the progress of migrating our dotcms admin to the latest version but our current version which is community edition 5.2.8 seems to be affected by the log4j zero day vulnerability. My question is, is the latest version does not contain this vulnerability and is there a temporary fix for this in community edition 5.2.8.
Regards
Karias Bolster
2021年12月13日 凌晨4:37:232021/12/13
收件者:dotCMS User Group
I forgot to mention that we are using docker image and by latest i meant the tag latest which was updated a month ago.
Nathan Keiter
2021年12月13日 上午9:34:392021/12/13
收件者:dot...@googlegroups.com
Karias,
You need to add a JVM argument to the startup.sh script. Not sure how that would be done in Docker. Typically startup.sh script overrides are done via static plugins.
See here: https://github.com/dotCMS/core/issues/21393
Nathan I. Keiter | Lead Network Applications Programmer
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993
https://www.gettysburg.edu<https://www.gettysburg.edu/>
________________________________
From: dot...@googlegroups.com <dot...@googlegroups.com> on behalf of Karias Bolster <karias....@gmail.com>
Sent: Monday, December 13, 2021 4:37 AM
To: dotCMS User Group
Subject: [dotcms] Re: dotcms and log4j vulnerability
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
________________________________
--
http://dotcms.com<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdotcms.com&c=E,1,M9dzNv46fu6FlqBWTlh0XSVT-VunyEWvEaTFs45ODUhcOqSsjjVwBa4pF2k7HJohpwtbPd1U0tH0PpQw_yLBM33jy7Tn4XEFbKOYw6cHKuyvXLLk5UKv5zkoQEI,&typo=1> - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com<mailto:dotcms+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/ab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%40googlegroups.com<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgroups.google.com%2fd%2fmsgid%2fdotcms%2fab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%2540googlegroups.com%3futm_medium%3demail%26utm_source%3dfooter&c=E,1,7ZAp4ucPWYp_abRZPTNlNDRgkzIVoIkQzLkb83wZ0u0Thtv0tMe_XxWcHw0ahqfJisVsrlj1UbjBn5pBFhmDtWS1QLZfqmJQx3KcXOYCR2-7B9lWxu4oNywuWegV&typo=1>.
You need to add a JVM argument to the startup.sh script. Not sure how that would be done in Docker. Typically startup.sh script overrides are done via static plugins.
See here: https://github.com/dotCMS/core/issues/21393
Nathan I. Keiter | Lead Network Applications Programmer
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993
https://www.gettysburg.edu<https://www.gettysburg.edu/>
________________________________
From: dot...@googlegroups.com <dot...@googlegroups.com> on behalf of Karias Bolster <karias....@gmail.com>
Sent: Monday, December 13, 2021 4:37 AM
To: dotCMS User Group
Subject: [dotcms] Re: dotcms and log4j vulnerability
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
________________________________
http://dotcms.com<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdotcms.com&c=E,1,M9dzNv46fu6FlqBWTlh0XSVT-VunyEWvEaTFs45ODUhcOqSsjjVwBa4pF2k7HJohpwtbPd1U0tH0PpQw_yLBM33jy7Tn4XEFbKOYw6cHKuyvXLLk5UKv5zkoQEI,&typo=1> - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com<mailto:dotcms+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/ab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%40googlegroups.com<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgroups.google.com%2fd%2fmsgid%2fdotcms%2fab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%2540googlegroups.com%3futm_medium%3demail%26utm_source%3dfooter&c=E,1,7ZAp4ucPWYp_abRZPTNlNDRgkzIVoIkQzLkb83wZ0u0Thtv0tMe_XxWcHw0ahqfJisVsrlj1UbjBn5pBFhmDtWS1QLZfqmJQx3KcXOYCR2-7B9lWxu4oNywuWegV&typo=1>.
回覆所有人
回覆作者
轉寄
0 則新訊息